Critical Infrastructure Cyber Security (SCADA)

Contact information

For further information or to request a quotation, please contact the Professional Education Courses Unit on:

Enquiries Phone: 02 5114 5573

Enquiries Email:

In-house delivery

UNSW Canberra Professional Education Courses may be available for in-house delivery at your organisation's premises. In-house courses allow maximum attendance without the additional travel costs. Courses can be developed to suit the specific staff development and training needs of your organisation. Recommended for groups of 10 or more.

This is a technical course, designed to use simulation tools and equipment to replicate the potential threats against Critical Infrastructure Services (CIS) utilising real life SCADA models. The course provides hands on experience with the complexity of modern information technology equipment and the components in control systems and legacy systems, the threat environment and attackers’ capabilities as well as techniques for securing these systems.

Topics covered include:

  • IT architectures
  • Control System architectures
  • Security vulnerabilities
  • Mitigation strategies
  • Nature of attacks
  • Defence of SCADA and Industrial Control Systems

Learning Outcomes

On completion of this course, participants should be able to:

  • Understand and evaluate the vulnerabilities of Critical Infrastructure.
  • Understand the principles behind the industrial hardware and software of control systems that are used in the operation of Critical Infrastructure.
  • Examine technical specifics about the vulnerabilities of critical infrastructure service delivery with an emphasis of those services dependent on control systems reliability and recoverability.
  • Develop and implement comprehensive mitigation strategies as well as effective administrative and technical risk management plans to protect and secure process control systems.

*Note: Students should have a basic understanding of Cyber Security gained in the workplace or through the Cyber Security Boot Camp or SANS SEC401 or similar. A knowledge of basic networking principles such as OSI/ Internet stack and TCP/IP will also be helpful.

Course Information

Day 1

Critical Infrastructure (CI)

Day 1 begins with a comprehensive overview of critical infrastructure sectors. Students will gain an understanding of the current threat landscape and will be provided with real world examples of cyber attacks to study and analyse.


CI in the Economy, Phishing, SQL Injection, Cross-Site Scripting, Malware Attacks, DoS, DDoS.

Day 2

Control Systems

This session will cover the history of control systems, where are they found and how they work. We’ll also look at the hardware used in these systems and give an overview of the types of common configurations.


Control system implementations, Industrialised hardware, Open-loop Control, Closed-loop Control.

Day 3

Components of an Industrial Control System (ICS)

Day 3 starts with an overview of ICS Hardware. We’ll look at Unintelligent Field Devices, Intelligence Electronic Devices and Distributed Control Systems. Students will become familiar with the roles and limitations of various components.


Limit Switches, Sensors, Robotics, Programmable Logic Controller (PLC), Supervisory Control and Data Acquisition (SCADA), IP Addresses, Binary Coded Decimal, Pulse Width Modulation.

Day 4

Cyber Security Fundamentals

This session will provide an overview of cyber threats and attacks. The various stages of cyber attacks will be covered, along with common ICS security vulnerabilities. Students will gain an understanding of cyber security in an Industrial Control System setting.


Threat Actors and Agents, Threat targets, Attack Vectors, Asymmetric Warfare, Cyber Resiliency.

Day 5

Protection of CI and ICS Forensics

Day 5 consists of a Red team vs. Blue team exercise utilising actual industrial control equipment and the cyber range. Students will gain experience attacking and defending physical real-world type infrastructure scale models that includes traffic management, water supply and electrical supply systems.


Red teaming, Blue teaming, Cyber physical systems, Cyber offence, Cyber defence, SCADA.


filter Download 515.37 KB PDF


This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):

K0011: Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.

K0033: Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).

K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

K0362: Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

K0437: Knowledge of general Supervisory control and data acquisition (SCADA) system components.

S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

A0097: Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.

A0107: Ability to think like threat actors.

What is the NICE Framework?

The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.

To find out more about the NICE Framework, go to:


Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.

UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at to discuss how.